Investigation Planning and Conducting a Fraud Examination PLANNING AND CONDUCTING A FRAUD EXAMINATION Why Conduct a Fraud Examination? There are many reasons why organizations choose to conduct fraud examinations. In particular, a properly executed fraud examination can address a number of organizational objectives, including: Identifying improper conduct Identifying the persons responsible for improper conduct Stopping fraud Sending a message throughout the organization that fraud will not be tolerated Determining the extent of potential liabilities or losses that might exist Helping to facilitate the recovery of losses Stopping future losses Mitigating other potential consequences Strengthening internal control weaknesses In addition, in some instances, a fraud examination might be required by law. A duty to investigate can arise from statutes, regulations, contracts, or common law duties. For example, a corporation’s directors and officers owe a common law duty of care to their organization and shareholders, and therefore, when suspicions of fraud arise, it might be necessary for them to conduct an investigation to ensure that they have full knowledge of such issues affecting the company. Likewise, some laws hold employers accountable for investigating employee complaints involving certain matters, such as retaliation, discrimination, harassment, and similar issues. Tips Fraud can be discovered in several ways, such as via a tip or complaint, an auditing procedure, monitoring, or chance. However, according to the ACFE 2014 Report to the Nations, more than 40 percent of all internal investigations originate with a tip from an employee, customer, or vendor. Management review and internal audit are each the impetus for about 15 percent of internal investigations, while the remainder are discovered through other means. As tips are the most valuable resource for discovering internal fraud, companies should proactively seek them out by implementing easily accessible and anonymous (where 2016 Fraud Examiners Manual (International) 3.101
Planning and Conducting a Fraud Examination Investigation permitted by law) fraud reporting tools, such as a tip hotline or dedicated Web page. Additionally, these reporting programs should be designed to accept external tips from sources such as customers and vendors. Not all tips are valid, and while it is important to consider the motives of individuals willing to supply information of this kind, all tips must be approached from the outset as if they will yield useful information. In many instances, the tipster provides information that is of value in commencing an internal fraud case. In such cases, the tipster observes or becomes aware of activity that is suspicious and feels a sense of obligation to report it. What Fraud Examination Entails The term fraud examination refers to a process of resolving allegations of fraud from inception to disposition, and it is the primary function of the anti-fraud professional. The fraud examination process encompasses a variety of tasks that might include: Obtaining evidence Reporting Testifying to findings Assisting in fraud detection and prevention Obtaining Evidence The value of a fraud examination rests on the credibility of the evidence obtained. Evidence of fraud usually takes the form of documents or statements by witnesses; therefore, fraud examiners must know how to properly and legally obtain documentary evidence and witness statements. Reporting Once evidence has been obtained and analyzed, and findings have been drawn from it, the fraud examiner must report the results to the designated individuals (e.g., management, the board, or the audit committee). A fraud examination report is a narration of the fraud examiner’s specific activities, findings, and, if appropriate, recommendations. Such communications are necessary so that those responsible can determine the appropriate course of action. 3.102 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination The results of an examination can be communicated in various ways. The appropriate method of communication will depend on the facts at issue, but most reports are communicated orally or in writing. When communicating the results of a fraud examination, the fraud examiner is responsible for providing clear, accurate, and unbiased reports reflecting the fraud examination results. This need arises from the possibility that such results might end up being read or used by various groups of people, such as organization insiders, attorneys, defendants, plaintiffs, witnesses, juries, judges, the media, and so on. Testifying to Findings Often, fraud examiners are called upon to provide testimony and report their findings at a deposition, trial, or other legal proceeding. When providing testimony, fraud examiners must be truthful. They should also communicate in a clear and succinct manner. Assisting in Fraud Detection and Prevention Fraud examiners are not responsible for the prevention of fraud; such responsibilities belong to management or other appropriate authority. Nevertheless, fraud examiners are expected to actively pursue and recommend appropriate policies and procedures to prevent fraud. Because of their education, experience, and training, Certified Fraud Examiners are uniquely qualified to assist organizations in the prevention and detection of fraud. Fraud Examination and Forensic Accounting Although fraud examination shares certain characteristics with forensic accounting, they are not the same discipline. Forensic accounting is the use of professional accounting skills in matters involving potential or actual civil or criminal litigation. The word forensic is defined by Black’s Law Dictionary as “used in or suitable to courts of law or public debate.” Therefore, forensic accounting is actually litigation support involving accounting. Accordingly, most fraud examinations involve forensic accounting, but not all forensic accounting is fraud examination. For example, an individual hired to value the property in a 2016 Fraud Examiners Manual (International) 3.103
Planning and Conducting a Fraud Examination Investigation minority shareholder derivative suit would engage in forensic accounting even if the engagement does not involve fraud. While fraud examinations can be conducted by either accountants or nonaccountants, forensic accounting work can only be performed by accountants. In addition, while forensic accounting is litigation support work that involves accounting, fraud examinations only involve anti-fraud matters. Most fraud examinations will generally fall under the category of forensic accounting because the majority of fraud examinations, investigations, and reports regarding fraud are done with “an eye toward litigation.” This is because fraud examiners are taught to conduct fraud examinations with the assumption that they will end in litigation. Forensic accounting can include many professional services. Typically, forensic accountants perform assignments involving: Computer forensics Electronic discovery Bankruptcies, insolvencies, and reorganizations Workplace fraud investigations Calculations of economic losses Business valuations Professional negligence Fraud Examination Methodology Fraud examination is a methodology of resolving signs or allegations of fraud from inception to disposition. The fraud examination methodology establishes a uniform, legal process for resolving signs or allegations of fraud on a timely basis. It provides that fraud examinations should move in a linear order, from the general to the specific, gradually focusing on the perpetrator through an analysis of evidence. Fraud examinations involve efforts to resolve allegations or signs of fraud when the full facts are unknown or unclear; therefore, fraud examinations seek to obtain facts and evidence to help establish what happened, identify the responsible party, and provide recommendations where applicable. 3.104 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination When conducting a fraud examination to resolve signs or allegations of fraud, the fraud examiner should assume litigation will follow, act on predication, approach cases from two perspectives, move from the general to the specific, and use the fraud theory approach. Assume Litigation Will Follow Each fraud examination should begin with the proposition that the case will end in litigation. Thus, when a fraud examiner begins a fraud examination, he must assume that the case will end in litigation, and this assumption must be maintained and considered throughout the entire examination. If the fraud examiner assumes that litigation will occur, he will conduct the examination in accordance with the proper rules of evidence and remain well within the guidelines established by the legal systems. Act on Predication Fraud examinations must adhere to the law; therefore, fraud examiners should not conduct or continue fraud examinations without proper predication. Predication is the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe that a fraud has occurred, is occurring, and/or will occur. In other words, predication is the basis upon which an examination, and each step taken during the examination, is commenced. A fraud examiner acts on predication when he has a sufficient basis and legitimate reason to take each step in an examination. Accordingly, fraud examiners should begin a fraud examination only when there are circumstances that suggest fraud has occurred, is occurring, and/or will occur, and they should not investigate beyond the available predication. If a fraud examiner cannot articulate a factual basis or good reason for an investigative step, he should not do it. Therefore, a fraud examiner should reevaluate the predication as the fraud examination proceeds. That is, as a fraud examination progresses and new information emerges, the fraud examiner should continually reevaluate whether there is adequate predication to take each additional step in the examination. If a fraud examiner acts without predication, he might expose both himself and his client or employer to liability. 2016 Fraud Examiners Manual (International) 3.105
Planning and Conducting a Fraud Examination Investigation The requirement for predication, however, does not bar fraud examiners from accepting other forms of engagements in circumstances where predication is lacking. For example, a fraud examiner can conduct a fraud risk assessment for consulting purposes even if there is no reason to believe a fraud has occurred, is occurring, and/or will occur. Approach from Two Perspectives Fraud examiners should approach investigations into fraud matters from two perspectives: (1) by seeking to prove that fraud has occurred and (2) by seeking to prove that fraud has not occurred. To prove that a fraud has occurred, the fraud examiner must seek to prove that fraud has not occurred. The reverse is also true. To prove fraud has not occurred, the fraud examiner must seek to prove that fraud has occurred. The reasoning behind this twoperspective approach is that both sides of fraud must be examined because under the law, proof of fraud must preclude any explanation other than guilt. Move from the General to the Specific Fraud examinations commence when the full facts are unknown or unclear; therefore, they should proceed from the general to the specific. That is, fraud examinations should begin with general information that is known, starting at the periphery, and then move to the more specific details. To illustrate, consider the order of interviews in fraud examinations. In most examinations, fraud examiners should start interviewing at the periphery of all possible interview candidates and move toward the witnesses who appear more involved in the matters that are the subject of the examination. Thus, the usual order of interviews is as follows: Neutral third-party witnesses, starting with the least knowledgeable and moving to those who are more knowledgeable about the matters at issue Parties suspected of complicity, starting with the least culpable and moving to the most culpable The primary suspect(s) of the examination Use the Fraud Theory Approach When conducting fraud examinations, fraud examiners should adhere to the fraud theory approach. The fraud theory approach is an investigative tool designed to help fraud examiners organize and direct examinations based on the information available at the time. 3.106 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination The fraud theory approach provides that, when conducting investigations into allegations or signs of fraud, the fraud examiner should make a hypothesis (or theory) of what might have occurred based on the known facts. Once the fraud examiner has created a hypothesis, he should test it through the acquisition of new information (or correcting and integrating known information) to determine whether the hypothesis is provable. If, after testing a hypothesis, the fraud examiner determines that it is not provable, he should continually revise and test his theory based on the known facts until it is provable, he concludes that no fraud is present, or he finds that the fraud cannot be proven. Simply put, the fraud theory approach involves the following steps: Analyzing available data Creating a hypothesis Testing the hypothesis Refining and amending the hypothesis The following internal fraud case study illustrates the concepts involved in the fraud examination process. Although the case study is based on an actual incident, the names and certain other facts have been changed for purposes of illustration. LINDA REED COLLINS CASE STUDY Linda Reed Collins is purchasing manager for Bailey Books Incorporated in St. Augustine, Florida. Bailey, with 226 million in annual sales, is one of the country’s leading producers of textbooks for the college and university market, as well as technical manuals for the medical and dental professions. Bailey’s headquarters consists of 126 employees, plus numerous sales personnel in the field. Because of the competitive nature of the textbook business, the company’s profit margins are quite thin. Bailey’s purchases average about 75 million annually, consisting mostly of paper stock and covering used in the manufacturing process. The great majority of the manufacturing is done in Mexico through contracts with the Mexican government. The purchasing function is principally handled by three purchasing agents. Linda Reed Collins is the purchasing manager and has two other buyers who report to her, plus another 18 clerical and support personnel. 2016 Fraud Examiners Manual (International) 3.107
Planning and Conducting a Fraud Examination Investigation Because Bailey Books is required by investors and lenders to have audited annual financial statements, Bailey employs a large regional CPA firm to conduct its annual audit and has a staff of five internal auditors. All internal fraud matters within Bailey are referred to Loren D. Bridges, a Certified Fraud Examiner. Often, internal fraud issues at Bailey involve defalcations by Bailey’s cashiers, but Bridges also receives a constant stream of complaints alleging misconduct by Bailey Books’ salespeople and distributors. On January 28, Bridges received a telephone call in which the caller, who was male, wanted to keep his identity hidden. The caller, however, claimed to have been a “long-term” supplier of books, sundries, and magazines to Bailey. The caller said that ever since Linda Collins took over as purchasing manager for Bailey several years ago, he has been systematically forced out of doing business with Bailey. Although Bridges queried the caller for additional information, the caller hung up the telephone. Under the facts in this case study, there could be many legitimate reasons why a supplier to Bailey would feel unfairly treated. Linda Reed Collins could be engaged in fraud, as the caller claimed, or the caller could be someone who has a personal vendetta against Collins and wants to get her fired. That is, Bridges does not have enough information to know if the caller was forced out of doing business with Bailey or why this might have been the case. Because Bridges does not have all of the facts, he should investigate the matter using the fraud theory approach. Analyzing Available Data Under the fraud theory approach, Bridges should begin by analyzing the available data so he can create a preliminary hypothesis as to what has occurred. Also, if those responsible determined that an audit of the entire purchasing function is warranted, the audit would be conducted at the time this determination is made. When conducting the audit, the internal auditors should keep in mind that there is a possibility that fraud might exist. Creating a Hypothesis Once Bridges has analyzed the available data, he should create a preliminary hypothesis as to what has occurred. The hypothesis should be a “worst-case” scenario. That is, based on the 3.108 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination caller’s statements, Bridges should determine the worst possible outcome. Under these facts, the worst possible outcome would be that one of Bailey’s purchasing agents has been accepting kickbacks to steer business to a particular vendor. Fraud examiners can create hypotheses for any specific allegation (e.g., a bribery or kickback scheme, embezzlement, conflict of interest, or financial statement fraud). Testing the Hypothesis Once Bridges has created a hypothesis, he should test it through the acquisition of new information or by correcting and integrating known information. Testing a hypothesis involves creating a what-if scenario. For example, in the facts of the Linda Reed Collins case study, Bridges hypothesizes that, based on the anonymous tip, a vendor is bribing a purchasing agent. He would test this hypothesis by looking for some or all of the following facts: A vendor is receiving an unusually large amount of business Purchases of high-priced, low quality goods or services over an extended period A purchasing agent has a personal relationship with a vendor A purchasing agent with the ability to steer business toward a favored vendor A purchasing agent’s lifestyle suggests unexplained wealth or outside income Bridges could readily look for facts indicating a bribery scheme. He could readily establish whether a vendor is receiving an unreasonably large proportion of Bailey Book’s business when compared to similar vendors. Bridges could ascertain whether Bailey Books was paying too much for a particular product, such as paper, by simply calling other vendors and determining competitive pricing. Bridges could determine whether a vendor has a personal relationship with a purchasing agent by discreet observation or inquiry. Bridges could determine whether a particular purchasing agent had the ability to steer business toward a favored vendor by determining who is involved in the decision making process. Also, Bridges could learn about the agent’s lifestyle by examining public documents such as real estate records and vehicle titles. Refining and Amending the Hypothesis If, after testing a hypothesis, the fraud examiner determines that it is not provable, the fraud examiner should continually revise and test it based on the known facts. For example, if Bridges tests his hypothesis that a vendor is bribing a purchasing agent of Bailey Books and 2016 Fraud Examiners Manual (International) 3.109
Planning and Conducting a Fraud Examination Investigation learns that the facts do not fit the presence of a bribery scheme, he should revise his hypothesis and retest it. (Obviously, if the fraud examiner tests his hypothesis and determines that the facts do not fit the presence of a bribery scheme, it could be that no fraud is present or that the fraud cannot be proven.) The following flowchart sets forth how the fraud examination process is used to resolve signs or allegations of fraud. 3.110 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination Initial Predication Tips Complaints Accounting Clues Other Sources Evaluate Tips Is predication sufficient? No Yes Stop Develop fraud theory: ‒ Who might be involved? ‒ What might have happened? ‒ Why might the allegation be true? ‒ Where are the possible concealment places or methods? ‒ When did this take place (past or present)? ‒ How is the fraud being perpetrated? Determine where the evidence is likely to be: ‒ On-book vs. Off-book ‒ Internal or external ‒ Identify potential witnesses What evidence is necessary to prove intent? ‒ Number of occurrences ‒ Other areas of impropriety ‒ Witnesses Revise fraud theory Prepare chart linking people and evidence Determine possible defenses to allegations Is evidence sufficient to proceed? Yes No Discontinue Complete the investigation through: ‒ Interviews ‒ Document examination ‒ Observations 2016 Fraud Examiners Manual (International) 3.111
Planning and Conducting a Fraud Examination Investigation Develop a Fraud Response Plan When evidence of misconduct arises, management must respond in an appropriate and timely manner. During the initial response, time is critical. To help ensure that an organization responds to suspicious fraud-related activity efficiently, management should have a response plan in place that outlines how to respond to such issues. A fraud response plan outlines the actions that members of an organization will take when suspicions of fraud have arisen. Because every fraud is different, the response plan should not outline how a fraud examination should be conducted. Instead, response plans should help organizations manage their responses and create environments to minimize risk and maximize the potential for success. Additionally, a response plan will allow management to respond to suspected and detected incidents of fraud in a consistent and comprehensive manner. By having a response plan in place, management will send a message that it takes fraud seriously. More specifically, the fraud response plan should guide the necessary action when potential fraud is reported or identified. Also, a response plan should not be unduly complicated; for a response plan to work in high-pressure and time-sensitive situations, it must be simple to understand and administer. While the appropriate response will vary based on the event, management should include a range of scenarios in the response plan. Organizations without a fraud response plan might not be able to respond to issues properly, and will likely expend more resources and suffer greater harm than those that have such a plan in place. Conversely, having a response plan puts an organization in the best position to respond promptly and effectively. This section explores the elements of a fraud response plan, which include: Reporting protocols A response team responsible for conducting an initial assessment Factors used to decide on the course of action Litigation hold procedures 3.112 2016 Fraud Examiners Manual (International)
Investigation Principles for documenting the response plan A template or form to report fraud incidents Planning and Conducting a Fraud Examination Reporting Protocols One of the first steps when developing a response plan is to establish reporting protocols for tips, matters, allegations, and other indicators of improper activity. Reporting protocols are necessary to ensure that designated individuals are notified immediately to enable a prompt response. Reporting protocols should outline notification principles and escalation triggers that vary depending on the nature and severity of the allegations. That is, they should indicate how to communicate the incidents to the appropriate level of management. For example, a fraud response plan might instruct employees to report suspicions of fraud to their manager (if possible), a designated human resources (HR) or compliance officer, or the head of audit and enforcement. Next, the issue should be reported to the party or parties responsible for conducting an initial assessment to determine how to respond and whether a full investigation is necessary. Additionally, organizations should provide multiple channels for reporting concerns about fraud. A Response Team No single person can effectively address every fraud-related issue. Therefore, the fraud response plan must identify key individuals who might be required to respond to a particular fraud. The response team members will vary depending on the facts and the potential severity of the suspected fraud, but the team might include: Legal counsel A representative of management A Certified Fraud Examiner The finance director General counsel A representative of internal audit Audit committee members A C-level executive 2016 Fraud Examiners Manual (International) 3.113
Planning and Conducting a Fraud Examination Information technology (IT) personnel A representative of human resources (HR) Investigation Factors Used to Decide on the Course of Action Again, the response team should determine the appropriate course of action when fraud is suspected. In general, if an allegation of fraud-related misconduct arises, management should conduct an investigation, but there are other courses of action it might decide to take. To help decide the best course of action, management should identify a list of factors it will use to make this decision. Identifying such factors will help the response team determine whether to escalate an incident into an investigation. Each organization will have different criteria for deciding whether allegations/suspicions qualify for a formal investigation, but common ones include: Credibility of the allegation Type of incident The subject of the allegation The business purpose of the activity at issue Seriousness or severity of the allegation Potential negative impact Likelihood that the incident will end up in court The ways in which prior, similar incidents were handled Litigation Hold Procedures If an organization does not already have litigation hold procedures in place, management should institute them immediately. A litigation hold refers to the steps an organization takes to notify employees to suspend the destruction of potentially relevant records when the duty to preserve information arises. Litigation hold procedures are necessary to ensure that potentially responsive documents are not destroyed once evidence of misconduct arises. The failure to preserve relevant evidence could have several adverse consequences, including, but not limited to, the government’s questioning of the integrity of any fraud investigation, monetary fines and sanctions, adverse inference jury instruction sanctions, or dismissal of claims or defenses. 3.114 2016 Fraud Examiners Manual (International)
Investigation Planning and Conducting a Fraud Examination To establish litigation hold procedures, management should: Identify the scope of litigation hold procedures (i.e., the locations that the litigation hold procedures will cover). Examine how information moves through the organization. Determine how to identify relevant documents. Develop a process to ensure such information is preserved. Litigation hold procedures should apply to individual communications (e.g., email, chat messages, voice recordings), data on shared devices (e.g., network folders), system backup files, and archived data. In general, litigation hold policies should be developed so the organization can: Promptly notify employees who might possess relevant documents. Issue a preliminary hold order to all individuals and employees who might possess relevant information. Promptly notify information technology (IT) personnel and get their involvement if electronic data is at issue. Notify employees and IT personnel of their duty to preserve. Suspend any deletion protocols. Prohibit the destruction, loss, or alteration of any potentially relevant documents. Prohibit employees from destroying, hiding, or manipulating documents. Alert employees as to the risk to the company and the employees if they fail to heed the litigation hold request. Moreover, establishing litigation hold procedures will help those involved in an investigation identify the relevant sources of information quickly, and it will help them understand the technology options available for searching, analyzing, and reviewing data. Even though litigation holds should apply to both electronic data and physical documents, electronic data contains certain attributes that make executing a timely litigation hold more difficult. Specifically, electronic data might only be available for a temporary period, business practices are often designed to free up storage space by deleting this type of information, electronic data can reside in numerous locations, and identifying relevant electronic data within today’s large and complex data systems can be challenging and costly. 2016 Fraud Examiners Manual (International) 3.115
Planning and Conducting a Fraud Examination Investigation Moreover, if an organization operates internationally, it is more difficult to execute a timely hold. In such cases, management should consider retaining an outside expert to help with the data search and preservation. A key objective of a litigation hold is to stop any automatic document deletion programs or rules that might be in place. Principles for Documenting the Response Plan Management should
Investigation Planning and Conducting a Fraud Examination 2016 Fraud Examiners Manual (International) 3.107 The fraud theory approach provides that, when conducting investigations into allegations or signs of fraud, the fraud examiner should make a hypothesis (or theory) of what might have occurred based on the known facts.
Types of economic crime/fraud experienced Customer fraud was introduced as a category for the first time in our 2018 survey. It refers to fraud committed by the end-user and comprises economic crimes such as mortgage fraud, credit card fraud, claims fraud, cheque fraud, ID fraud and similar fraud types. Source: PwC analysis 2
Types of economic crime/fraud experienced Customer fraud was introduced as a category for the first time in our 2018 survey. It refers to fraud committed by the end-user and comprises economic crimes such as mortgage fraud, credit card fraud, claims fraud, cheque fraud, ID fraud and similar fraud types. Source: PwC analysis 2
Card Fraud 11 Unauthorised debit, credit and other payment card fraud 12 Remote purchase (Card-not-present) fraud 15 Counterfeit Card Fraud 17 Lost and Stolen Card Fraud 18 Card ID theft 20 Card not-received fraud 22 Internet/e-commerce card fraud los
Handling Debit Card Fraud STRATEGIZE- Debit card fraud and disputes must have a strategy based on evolving fraud. INVENTORY - Inventory all types of debit card fraud and how you mitigate fraud. TRAIN - Train your front line and investigators. DOCUMENT - Clearly document the strategy and fraud management and
Fraud by any other name is still fraud “Relatively few occupational fraud and abuse offenses are discovered through routine audits. Most Fraud is uncovered as a result of tips and complaints from other employees.” Association of Fraud
Detection of Fraud Schemes Fraud is much more likely to be detected by tips than by any other method. 2012 Association of Certified Fraud Examiners, Inc. 26 Detection of Occupational Frauds 2012 Association of Certified Fraud Examiners, Inc. 27 Why Employees Do Not Report Fraud According to a Business Ethics Study (Association of Certified Fraud Examiners), employees do not .
Fraud risk management strategy Fraud prevention Anti-fraud culture Risk awareness Whistleblowing Sound internal control systems A fraud policy statement, effective recruitment policies and good internal controls can minimise the risk of fraud. Fraud detection Performing regular checks. Warning signals/fraud risk indicators:
The anatomy and physiology Topic text is clearly and concisely written, and is presented in easily digestible units of information to help facilitate learning. SE GIDE: PIMAL’S 3D HMA AATOM AD PHSIOLOG Page 10 of 31. SLIDE USER GUIDE: PRIMALS 3D HUMAN ANATOMY AND PHYSIOLOGY Page 11 of 31 MOVIE SLIDE – DIAGRAM SLIDE – ILLUSTRATION SLIDE – PHOTOGRAPH SLIDE – STATIC 3D IMAGE The View .